1 DOS protection: Using graphic turing tests to counter automated DDoS attacks against web servers

William G. Morein, Angelos Stavrou, Debra L. Cook, Angelos D. Keromytis, Vishal Misra, Dan Rubenstein
October 2003 Proceedings of the 10th ACM conference on Computer and communications security
Publisher: ACM Press


We present WebSOS, a novel overlay-based architecture that provides guaranteed access 
to a web server that is targeted by a denial of service (DoS) attack. Our approach exploits 
two key characteristics of the web environment: its design around a human-centric 
interface, and the extensibility inherent in many browsers through downloadable 
"applets." We guarantee access to a web server for a large number of previously unknown 
users, without requiring pre-existing trust relationships between ... 

Keywords: Java, graphic turing tests, web proxies 



2 Fine grained access control for SOAP E-services
Ernesto Damiani, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Pierangela Samarati 
April 2001 Proceedings of the 10th international conference on World Wide Web 
Publisher: ACM Press 




Keywords: SOAP, XML, access control, certificates, roles 



3 How clean is the future of SOAP?
Conan C. Albrecht 

February 2004 Communications of the ACM, Volume 47 issue 2 
Publisher: ACM Press 


If developers are not wise with its application, SOAP may lose the ability to tunnel
through firewalls—an ability that represents one of its primary advantages.
Bob Gehling, David Stankard

September 2005 Proceedings of the 2nd annual conference on Information security 
curriculum development InfoSecCD '05 

Publisher: ACM Press 


Internet security has become a consistent and growing problem as new Internet-based 
technologies and applications are developed. The number of security violation related 
incidents continues to increase [6]. A reported incident can be as simple as a single 
computer being compromised or as severe as a complete network compromise involving 
hundreds of client computers. All Internet content you read, send, and receive carries a 
risk. The amount of security risks increases at the same time that depen ... 

Keywords: eCommerce, security, security awareness 



5 Technical correspondence: Java RMI, RMI tunneling and Web services comparison and performance analysis

Matjaz B. Juric, Bostjan Kezmah, Marjan Hericko, Ivan Rozman, Ivan Vezocnik 
May 2004 ACM SIGPLAN Notices, Volume 39 Issue 5 

Publisher: ACM Press 


This article compares different approaches for developing Java distributed applications 
which have to communicate through firewalls and proxies, including RMI over open ports, 
HTTP-to-port, HTTP-to-CGI, HTTP-to-servlet tunneling and web services. A functional 
comparison of approaches has been done, as well as a detailed performance analysis with 
overhead analysis and identification of optimizations. Therefore the paper contributes to 
the overall understanding of different approaches for developi ... 

Keywords: RMI, SOAP, performance, tunneling, web services 




6 Session 2: secure Web services: Designing a distributed access control processor for network services on the Web
Reiner Kraft

November 2002 Proceedings of the 2002 ACM workshop on XML security 
Publisher: ACM Press 


The service oriented architecture (SOA) is gaining more momentum with the advent of 
network services on the Web. A programmable and machine accessible Web is the vision 
of many, and might represent a step towards the semantic Web. However, security is a
crucial requirement for the serious usage and adoption of the Web services technology. 
This paper enumerates design goals for an access control model for Web services. It then 
introduces an abstract general model for Web services components, along ... 

Keywords: Web services, XML, access control, security 



7 Toward Flexible Messaging for SOAP-Based Services
Geoffrey Fox, Shrideep Pallickara, Savas Parastatidis 

November 2004 Proceedings of the 2004 ACM/IEEE conference on Supercomputing 
Publisher: IEEE Computer Society 


NaradaBrokering provides a messaging abstraction that allows it to provide message- 
related capabilities in a transparent fashion. These capabilities include message-based 
security, time and causal ordering, compression, virtualization of transport protocol and 
addressing, and fault tolerance related functionalities. NaradaBrokering, combined with
further extensions to its existing capabilities, can also take advantage of the maturing of

Keywords: Performance, Design, Reliability, Distributed middleware, Grid computing,

8 At the Forge: Introducing SOAP
Reuven M. Lerner 
March 2001 Linux Journal 

Publisher: Specialized Systems Consultants, Inc. 




9 Student papers: Securing XML data 
Jessica Heasley 

October 2004 Proceedings of the 1st annual conference on Information security 
curriculum development 

Publisher: ACM Press 


XML is becoming one of the most important and widely used data formats. XML data in 
transit over the Internet as well as the data residing on servers must be assessed for XML 
associated security vulnerabilities and be properly secured from malicious XML specific 
attacks. There are several options in implementing XML security devices such as firewalls. 
Users need to understand how XML relates and interacts with Internet applications. 

10 Embedded systems: applications, solutions and techniques (EMBS): Code generation techniques for developing light-weight XML Web services for embedded devices

Robert van Engelen 

March 2004 Proceedings of the 2004 ACM symposium on Applied computing 
Publisher: ACM Press 


This paper presents specialized code generation techniques and runtime optimizations for 
developing light-weight XML Web services for embedded devices. The optimizations are 
implemented in the gSOAP Web services development environment for C and C++. The
system supports the industry-standard XML-based Web services protocols that are 
intended to deliver universal access to any networked application that supports XML. With 
the standardization of the Web services protocols and the availability of t ... 

Keywords: Web Services, XML, embedded systems, networking 



11 Applications: YouServ: a web-hosting and content sharing tool for the masses 

Roberto J. Bayardo Jr., Rakesh Agrawal, Daniel Gruhl, Amit Somani
May 2002 Proceedings of the 11th international conference on World Wide Web 

Publisher: ACM Press 


YouServ is a system that allows its users to pool existing desktop computing resources for 
high availability web hosting and file sharing. By exploiting standard web and internet 
protocols (e.g. HTTP and DNS), YouServ does not require those who access YouServ- 
published content to install special purpose software. Because it requires minimal server- 
side resources and administration, YouServ can be provided at a very low cost. We 

12 Content-triggered trust negotiation
Adam Hess, Jason Holt, Jared Jacobson, Kent E. Seamons

August 2004 ACM Transactions on Information and System Security (TISSEC), volume 7 
Issue 3 

Publisher: ACM Press 


The focus of access control in client/server environments is on protecting sensitive server 
resources by determining whether or not a client is authorized to access those resources. 
The set of resources is usually static, and an access control policy associated with each 
resource specifies who is authorized to access the resource. In this article, we turn the 
traditional client/server access control model on its head and address how to protect the 
sensitive content that clients disclose to and r ... 

Keywords: Trust negotiation, access control, authentication, credentials 



13 Computer security: theory, process and management 
George Whitson 

June 2003 Journal of Computing Sciences in Colleges, Volume 18 issue 6 
Publisher: Consortium for Computing Sciences in Colleges 


The Internet backbone servers were attacked and Web traffic slowed for a few hours, the 
Nimbda worm used Microsoft Web servers to infect all those downloading Web pages until 
appropriate patches were applied and credit card information is stolen every day. These 
are just some well known examples of breaches in computer security, but it is difficult to 
define computer security. Even when you get a good dictionary definition it is difficult to 
give a systematic description of the entire field. Thi ... 

14 SCL: a language for security testing of network applications
Sylvain Marquis, Thomas R. Dean, Scott Knight 

October 2005 Proceedings of the 2005 conference of the Centre for Advanced Studies 
on Collaborative research CASCON '05 

Publisher: IBM Press 


Security of network applications has become increasingly important in the past several 
years. Syntax-based testing is a black box, data driven testing technique, for applications 
for which input can be described formally. SCL is a component of Protocol Tester, a 
project at RMC and Queen's, that uses syntax-based testing to evaluate the security of 
network applications. As a language, SCL can describe the syntax and the semantic 
constraints of a given protocol, constraints that pertain to the tes ... 

15 Technical papers: software process: Using process technology to control and 
coordinate software adaptation 

Giuseppe Valetto, Gail Kaiser 

May 2003 Proceedings of the 25th International Conference on Software 
Engineering 

Publisher: IEEE Computer Society 


We have developed an infrastructure for end-to-end run-time monitoring, 
behavior/performance analysis, and dynamic adaptation of distributed software. This 
infrastructure is primarily targeted to pre-existing systems and thus operates
outside the target application, without making assumptions about the target's
implementation, internal communication/computation mechanisms, source code 
availability, etc. This paper assumes the existence of the monitoring and analysis 
components ... 

16 IP lookup and packet classification: Network processor acceleration for a Linux* netfilter firewall
Kristen Accardi, Tony Bock, Frank Hady, Jon Krueger
October 2005 Proceedings of the 2005 symposium on Architecture for networking and communications systems ANCS '05
Publisher: ACM Press


Network firewalls occupy a central role in computer security, protecting data, compute, 
and networking resources while still allowing useful packets to flow. Increases in both the 
work per network packet and packet rate make it increasingly difficult for general-purpose 
processor based firewalls to maintain line rate. In a bid to address these evolving 
requirements we have prototyped a hybrid firewall, using a simple firewall running on a 
network processor to accelerate a Linux* Netfilter Firewa ... 

Keywords: hybrid firewall, netfilter, network firewall, network processor, prototype, 
throughput 



17 Firmato: A novel firewall management toolkit 
Yair Bartal, Alain Mayer, Kobbi Nissim, Avishai Wool 

November 2004 ACM Transactions on Computer Systems (TOCS), Volume 22 issue 4 
Publisher: ACM Press 


In recent years packet-filtering firewalls have seen some impressive technological 
advances (e.g., stateful inspection, transparency, performance, etc.) and wide-spread 
deployment. In contrast, firewall and security management technology is lacking.
In this paper we present Firmato, a firewall management toolkit, with the
following distinguishing properties and components: (1) an entity-relationship model 
containing, in a unified form, global knowledge of the sec ... 

Keywords: Security policy, firewall, management, model definition language, 
visualization 



18 Design of a high-performance ATM firewall 
Jun Xu, Mukesh Singhal 

August 1999 ACM Transactions on Information and System Security (TISSEC), volume 2 Issue 3
Publisher: ACM Press 


A router-based packet-filtering firewall is an effective way of protecting an enterprise 
network from unauthorized access. However, it will not work efficiently in an ATM network 
because it requires the termination of end-to-end ATM connections at a packet-filtering 
router, which incurs huge overhead of SAR (Segmentation and Reassembly). Very few 
approaches to this problem have been proposed in the literature, and none is completely 
satisfactory. In this paper we present the hardware desig ... 

Keywords: TCP/IP, asynchronous transfer mode, firewall, packet filtering, switch 
architecture 

November 1998 Proceedings of the 5th ACM conference on Computer and